From ff4a1e0ac618d58f6e200f500d1e9db66e69df6e Mon Sep 17 00:00:00 2001 From: Hans Joachim Desserud Date: Sun, 22 Feb 2015 10:58:31 +0100 Subject: [PATCH 1/5] Place modifiers in expected order Former-commit-id: 0cf3616fd9a737f4ca143b6f46165bdbf0e14aec --- .../owasp/dependencycheck/jaxb/pom/generated/ObjectFactory.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/jaxb/pom/generated/ObjectFactory.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/jaxb/pom/generated/ObjectFactory.java index e315aee91..e190ad93b 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/jaxb/pom/generated/ObjectFactory.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/jaxb/pom/generated/ObjectFactory.java @@ -31,7 +31,7 @@ import javax.xml.namespace.QName; @XmlRegistry public class ObjectFactory { - private final static QName _Project_QNAME = new QName("http://maven.apache.org/POM/4.0.0", "project"); + private static final QName _Project_QNAME = new QName("http://maven.apache.org/POM/4.0.0", "project"); /** * Create a new ObjectFactory that can be used to create new instances of schema derived classes for package: org.owasp.dependencycheck.analyzer.pom.generated From 7c4cc1334beaa11320655881102135c0dc101547 Mon Sep 17 00:00:00 2001 From: Hans Joachim Desserud Date: Sun, 22 Feb 2015 11:05:58 +0100 Subject: [PATCH 2/5] Place array designator on the type instead of the variable Former-commit-id: 2e29bc1c61400e3bdb6b35b0b21a5cbb04cbf37a --- .../org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java | 2 +- .../java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java | 2 +- .../java/org/owasp/dependencycheck/utils/ExtractionUtil.java | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java index 32a1dff72..a8cddd031 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java @@ -382,7 +382,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { fos = new FileOutputStream(file); bos = new BufferedOutputStream(fos, BUFFER_SIZE); int count; - final byte data[] = new byte[BUFFER_SIZE]; + final byte[] data = new byte[BUFFER_SIZE]; while ((count = input.read(data, 0, BUFFER_SIZE)) != -1) { bos.write(data, 0, count); } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java index 98831ae85..34506582f 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java @@ -408,7 +408,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { fos = new FileOutputStream(file); bos = new BufferedOutputStream(fos, BUFFER_SIZE); int count; - final byte data[] = new byte[BUFFER_SIZE]; + final byte[] data = new byte[BUFFER_SIZE]; while ((count = input.read(data, 0, BUFFER_SIZE)) != -1) { bos.write(data, 0, count); } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java index 3f0ae2b03..154e305aa 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java 
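Review bot: The copy loop `while ((count = input.read(data, 0, BUFFER_SIZE)) != -1) { bos.write(data, 0, count); }` is now maintained in three places — here, in the JarAnalyzer hunk of this same patch and in the ExtractionUtil hunk that follows — and this commit had to make the identical one-token edit three times, which is the usual sign that both analyzers should delegate to ExtractionUtil instead of carrying their own copy. The destination `file` and the `input` stream are assigned outside the hunk; if `file` is derived from an archive entry name, the check that the resolved path stays under the extraction directory (canonical path `startsWith` the base directory) belongs before `new FileOutputStream(file)`, since nothing in the visible body guards it. The enclosing method begins and ends outside the hunk, so that check may already live in the caller and is worth confirming.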
@@ -107,7 +107,7 @@ public final class ExtractionUtil { fos = new FileOutputStream(file); bos = new BufferedOutputStream(fos, BUFFER_SIZE); int count; - final byte data[] = new byte[BUFFER_SIZE]; + final byte[] data = new byte[BUFFER_SIZE]; while ((count = zis.read(data, 0, BUFFER_SIZE)) != -1) { bos.write(data, 0, count); } From 42939e49223427089549b8ac6d7de00d6c33461c Mon Sep 17 00:00:00 2001 From: Hans Joachim Desserud Date: Sun, 22 Feb 2015 11:20:36 +0100 Subject: [PATCH 3/5] Compare with equalsIgnoreCase instead of changing casing Former-commit-id: ab89ed68cb5e25d14d5fbd7ba93dc93948523d82 --- .../src/main/java/org/owasp/dependencycheck/CliParser.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java index 184a520df..77e26dfe6 100644 --- a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java +++ b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java @@ -140,7 +140,7 @@ public final class CliParser { throw new FileNotFoundException(msg); } else if (!path.contains("*") && !path.contains("?")) { File f = new File(path); - if ("o".equals(argumentName.substring(0, 1).toLowerCase()) && !"ALL".equals(this.getReportFormat().toUpperCase())) { + if ("o".equalsIgnoreCase(argumentName.substring(0, 1)) && !"ALL".equalsIgnoreCase(this.getReportFormat())) { final String checkPath = path.toLowerCase(); if (checkPath.endsWith(".html") || checkPath.endsWith(".xml") || checkPath.endsWith(".htm")) { if (f.getParentFile() == null) { From cf677bd70e487b5a4ebc736b5ed51d926b385445 Mon Sep 17 00:00:00 2001 
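Review bot: `argumentName.substring(0, 1)` on the new CliParser line still throws StringIndexOutOfBoundsException for an empty argument name; `argumentName.regionMatches(true, 0, "o", 0, 1)` performs the same case-insensitive first-character test and simply returns false on an empty string. The switch to `equalsIgnoreCase` also makes the `getReportFormat()` side tolerate a null return, which the old `toUpperCase()` form did not — a one-line comment saying so would keep the next refactor from reintroducing the old form. `argumentName` is supplied from outside the hunk, so whether an empty name can actually reach this branch is not visible in this patch.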
From: Hans Joachim Desserud Date: Sun, 22 Feb 2015 11:42:14 +0100 Subject: [PATCH 4/5] Prefer checking isEmpty over size() > 0. Plus fix some typos Former-commit-id: 754f300c0b120c0c9098c17c19dbd11aa7a39844 --- .../java/org/owasp/dependencycheck/Engine.java | 2 +- .../data/lucene/AbstractTokenizingFilter.java | 2 +- .../lucene/TokenPairConcatenatingFilter.java | 4 ++-- .../data/lucene/UrlTokenizingFilter.java | 2 +- .../owasp/dependencycheck/data/nvdcve/CveDB.java | 4 ++-- .../suppression/SuppressionRule.java | 16 ++++++++-------- .../maven/BaseDependencyCheckMojo.java | 6 +++--- 7 files changed, 18 insertions(+), 18 deletions(-) diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java index 8f645b0c9..e2eeb9bc3 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java @@ -116,7 +116,7 @@ public class Engine { * Loads the analyzers specified in the configuration file (or system properties). */ private void loadAnalyzers() { - if (analyzers.size() > 0) { + if (!analyzers.isEmpty()) { return; } for (AnalysisPhase phase : AnalysisPhase.values()) { diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/AbstractTokenizingFilter.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/AbstractTokenizingFilter.java index a45b653fe..6d06d74c6 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/AbstractTokenizingFilter.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/AbstractTokenizingFilter.java 
@@ -72,7 +72,7 @@ public abstract class AbstractTokenizingFilter extends TokenFilter { * @return whether or not a new term was added */ protected boolean addTerm() { - final boolean termAdded = tokens.size() > 0; + final boolean termAdded = !tokens.isEmpty(); if (termAdded) { final String term = tokens.pop(); clearAttributes(); diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/TokenPairConcatenatingFilter.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/TokenPairConcatenatingFilter.java index 3a5c52a8a..69c9c0769 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/TokenPairConcatenatingFilter.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/TokenPairConcatenatingFilter.java @@ -92,7 +92,7 @@ public final class TokenPairConcatenatingFilter extends TokenFilter { //if we have a previousTerm - write it out as its own token concatenated // with the current word (if one is available). - if (previousWord != null && words.size() > 0) { + if (previousWord != null && !words.isEmpty()) { final String word = words.getFirst(); clearAttributes(); termAtt.append(previousWord).append(word); @@ -100,7 +100,7 @@ public final class TokenPairConcatenatingFilter extends TokenFilter { return true; } //if we have words, write it out as a single token - if (words.size() > 0) { + if (!words.isEmpty()) { final String word = words.removeFirst(); clearAttributes(); termAtt.append(word); diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/UrlTokenizingFilter.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/UrlTokenizingFilter.java index e5f47221a..a02253123 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/UrlTokenizingFilter.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/UrlTokenizingFilter.java 
@@ -60,7 +60,7 @@ public final class UrlTokenizingFilter extends AbstractTokenizingFilter { public boolean incrementToken() throws IOException { final LinkedList tokens = getTokens(); final CharTermAttribute termAtt = getTermAtt(); - if (tokens.size() == 0 && input.incrementToken()) { + if (tokens.isEmpty() && input.incrementToken()) { final String text = new String(termAtt.buffer(), 0, termAtt.length()); if (UrlStringUtils.containsUrl(text)) { final String[] parts = text.split("\\s"); diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java index 20473b646..d38da868c 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java @@ -875,9 +875,9 @@ public class CveDB { */ private DependencyVersion parseDependencyVersion(VulnerableSoftware cpe) { DependencyVersion cpeVersion; - if (cpe.getVersion() != null && cpe.getVersion().length() > 0) { + if (cpe.getVersion() != null && !cpe.getVersion().isEmpty()) { String versionText; - if (cpe.getRevision() != null && cpe.getRevision().length() > 0) { + if (cpe.getRevision() != null && !cpe.getRevision().isEmpty()) { versionText = String.format("%s.%s", cpe.getVersion(), cpe.getRevision()); } else { versionText = cpe.getVersion(); diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/suppression/SuppressionRule.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/suppression/SuppressionRule.java index 90abfdec0..7d75a79c3 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/suppression/SuppressionRule.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/suppression/SuppressionRule.java 
@@ -112,7 +112,7 @@ public class SuppressionRule { * @return whether or not this suppression rule as CPE entries */ public boolean hasCpe() { - return cpe.size() > 0; + return !cpe.isEmpty(); } /** * The list of cvssBelow scores. @@ -152,7 +152,7 @@ public class SuppressionRule { * @return whether or not this suppression rule has cvss suppressions */ public boolean hasCvssBelow() { - return cvssBelow.size() > 0; + return !cvssBelow.isEmpty(); } /** * The list of cwe entries to suppress. @@ -192,7 +192,7 @@ public class SuppressionRule { * @return whether this suppression rule has CWE entries */ public boolean hasCwe() { - return cwe.size() > 0; + return !cwe.isEmpty(); } /** * The list of cve entries to suppress. @@ -232,7 +232,7 @@ public class SuppressionRule { * @return whether this suppression rule has CVE entries */ public boolean hasCve() { - return cve.size() > 0; + return !cve.isEmpty(); } /** * A Maven GAV to suppression. @@ -450,28 +450,28 @@ public class SuppressionRule { if (gav != null) { sb.append("gav=").append(gav).append(","); } - if (cpe != null && cpe.size() > 0) { + if (cpe != null && !cpe.isEmpty()) { sb.append("cpe={"); for (PropertyType pt : cpe) { sb.append(pt).append(","); } sb.append("}"); } - if (cwe != null && cwe.size() > 0) { + if (cwe != null && !cwe.isEmpty()) { sb.append("cwe={"); for (String s : cwe) { sb.append(s).append(","); } sb.append("}"); } - if (cve != null && cve.size() > 0) { + if (cve != null && !cve.isEmpty()) { sb.append("cve={"); for (String s : cve) { sb.append(s).append(","); } sb.append("}"); } - if (cvssBelow != null && cvssBelow.size() > 0) { + if (cvssBelow != null && !cvssBelow.isEmpty()) { sb.append("cvssBelow={"); for (Float s : cvssBelow) { sb.append(s).append(","); diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java index da32ae686..844ddbde6 100644 
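Review bot: `hasCpe()` now returns `!cpe.isEmpty()` with no null guard, while the `toString()` hunk further down the same file tests `cpe != null && !cpe.isEmpty()`; the same mismatch holds for `hasCvssBelow()`, `hasCwe()` and `hasCve()` versus their `toString()` counterparts. Either the four lists are never null — then the `!= null` checks in `toString()` are dead and should go — or the `has*` methods need the same guard, e.g. `return cpe != null && !cpe.isEmpty();`. Field initialisation is outside the hunk, so which of the two holds is not visible here.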
--- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java +++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java @@ -701,7 +701,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma private Proxy getMavenProxy() { if (mavenSettings != null) { final List proxies = mavenSettings.getProxies(); - if (proxies != null && proxies.size() > 0) { + if (proxies != null && !proxies.isEmpty()) { if (mavenSettingsProxyId != null) { for (Proxy proxy : proxies) { if (mavenSettingsProxyId.equalsIgnoreCase(proxy.getId())) { @@ -711,8 +711,8 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma } else if (proxies.size() == 1) { return proxies.get(0); } else { - LOGGER.warning("Multiple proxy defentiions exist in the Maven settings. In the dependency-check " - + "configuration set the maveSettingsProxyId so that the correct proxy will be used."); + LOGGER.warning("Multiple proxy definitions exist in the Maven settings. In the dependency-check " + + "configuration set the mavenSettingsProxyId so that the correct proxy will be used."); throw new IllegalStateException("Ambiguous proxy definition"); } } From 25238d5fb52a65962bcca92e95fef3fabe930465 Mon Sep 17 00:00:00 2001 
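Review bot: The corrected warning and the `IllegalStateException("Ambiguous proxy definition")` thrown right after it report the same condition twice, and only the log line carries the actionable hint about `mavenSettingsProxyId`, so the message that reaches the build failure is the less useful one. Moving the guidance into the exception, `throw new IllegalStateException("Multiple proxy definitions exist in the Maven settings; set mavenSettingsProxyId in the dependency-check configuration to select one.");`, and dropping the separate warning avoids the double report. The first hunk also returns a lone proxy without consulting its active flag (`Proxy.isActive()`), so an inactive entry in settings.xml would presumably still be used; the tail of `getMavenProxy()` is outside the hunk, so this may be handled elsewhere.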
From: Hans Joachim Desserud Date: Sun, 22 Feb 2015 12:19:49 +0100 Subject: [PATCH 5/5] Prefer interfaces over concrete classes. I have updated internal usage and accepted parameters. I have not touched return values for public/protected methods since they may be called externally and I don't want to break assignments from these. Former-commit-id: e534f9acf569a258dd72a568dfe69e70486eb697 --- .../analyzer/ArchiveAnalyzer.java | 2 +- .../dependencycheck/analyzer/CPEAnalyzer.java | 2 +- .../analyzer/HintAnalyzer.java | 3 +- .../dependencycheck/analyzer/JarAnalyzer.java | 28 +++++++++---------- .../dependencycheck/data/nvdcve/CveDB.java | 10 ++++--- .../data/nvdcve/DatabaseProperties.java | 2 +- .../data/nvdcve/DriverLoader.java | 3 +- .../utils/DependencyVersionUtil.java | 3 +- .../dependencycheck/utils/UrlStringUtils.java | 5 ++-- 9 files changed, 32 insertions(+), 26 deletions(-) diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java index a8cddd031..dc662b2c6 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java @@ -110,7 +110,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { static { final String additionalZipExt = Settings.getString(Settings.KEYS.ADDITIONAL_ZIP_EXTENSIONS); if (additionalZipExt != null) { - final HashSet ext = new HashSet(Arrays.asList(additionalZipExt)); + final Set ext = new HashSet(Arrays.asList(additionalZipExt)); ZIPPABLES.addAll(ext); } EXTENSIONS.addAll(ZIPPABLES); diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java index f6121b258..19d9c890d 100644 
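Review bot: `new HashSet(Arrays.asList(additionalZipExt))` in the ArchiveAnalyzer static block wraps the whole setting string as a single element, so if `ADDITIONAL_ZIP_EXTENSIONS` is meant to hold several extensions — as the plural key name suggests — only the verbatim, unsplit value ends up in `ZIPPABLES` and no file matches it. If the value is comma-separated the fix is `Arrays.asList(additionalZipExt.split(","))`, ideally with each part trimmed and lower-cased to match how `EXTENSIONS` is compared; if it really holds a single extension the key name should say so. The setting's format is defined in Settings, outside this patch, so this needs confirming there.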
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java @@ -255,7 +255,7 @@ public class CPEAnalyzer implements Analyzer { protected List searchCPE(String vendor, String product, Set vendorWeightings, Set productWeightings) { - final ArrayList ret = new ArrayList(MAX_QUERY_RESULTS); + final List ret = new ArrayList(MAX_QUERY_RESULTS); final String searchString = buildSearch(vendor, product, vendorWeightings, productWeightings); if (searchString == null) { diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java index 123f51f83..2cf2c87c9 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java @@ -19,6 +19,7 @@ package org.owasp.dependencycheck.analyzer; import java.util.ArrayList; import java.util.Iterator; +import java.util.List; import java.util.Set; import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.analyzer.exception.AnalysisException; @@ -101,7 +102,7 @@ public class HintAnalyzer extends AbstractAnalyzer implements Analyzer { dependency.getVendorEvidence().addEvidence("hint analyzer", "vendor", "vmware", Confidence.HIGH); } final Iterator itr = dependency.getVendorEvidence().iterator(); - final ArrayList newEntries = new ArrayList(); + final List newEntries = new ArrayList(); while (itr.hasNext()) { final Evidence e = itr.next(); if ("sun".equalsIgnoreCase(e.getValue(false))) { diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java index 34506582f..5adf7968f 100644 
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java @@ -227,7 +227,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { @Override public void analyzeFileType(Dependency dependency, Engine engine) throws AnalysisException { try { - final ArrayList classNames = collectClassNames(dependency); + final List classNames = collectClassNames(dependency); final String fileName = dependency.getFileName().toLowerCase(); if (classNames.isEmpty() && (fileName.endsWith("-sources.jar") @@ -255,7 +255,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { * @throws AnalysisException is thrown if there is an exception parsing the pom * @return whether or not evidence was added to the dependency */ - protected boolean analyzePOM(Dependency dependency, ArrayList classes, Engine engine) throws AnalysisException { + protected boolean analyzePOM(Dependency dependency, List classes, Engine engine) throws AnalysisException { boolean foundSomething = false; final JarFile jar; try { @@ -531,7 +531,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { * file being analyzed * @return true if there was evidence within the pom that we could use; otherwise false */ - private boolean setPomEvidence(Dependency dependency, Model pom, Properties pomProperties, ArrayList classes) { + private boolean setPomEvidence(Dependency dependency, Model pom, Properties pomProperties, List classes) { boolean foundSomething = false; boolean addAsIdentifier = true; if (pom == null) { 
@@ -659,10 +659,10 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { * @param dependency a dependency to analyze * @param addPackagesAsEvidence a flag indicating whether or not package names should be added as evidence. */ - protected void analyzePackageNames(ArrayList classNames, + protected void analyzePackageNames(List classNames, Dependency dependency, boolean addPackagesAsEvidence) { - final HashMap vendorIdentifiers = new HashMap(); - final HashMap productIdentifiers = new HashMap(); + final Map vendorIdentifiers = new HashMap(); + final Map productIdentifiers = new HashMap(); analyzeFullyQualifiedClassNames(classNames, vendorIdentifiers, productIdentifiers); final int classCount = classNames.size(); @@ -704,7 +704,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { * @return whether evidence was identified parsing the manifest * @throws IOException if there is an issue reading the JAR file */ - protected boolean parseManifest(Dependency dependency, ArrayList classInformation) throws IOException { + protected boolean parseManifest(Dependency dependency, List classInformation) throws IOException { boolean foundSomething = false; JarFile jar = null; try { @@ -1050,8 +1050,8 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { * @param dependency the dependency being analyzed * @return an list of fully qualified class names */ - private ArrayList collectClassNames(Dependency dependency) { - final ArrayList classNames = new ArrayList(); + private List collectClassNames(Dependency dependency) { + final List classNames = new ArrayList(); JarFile jar = null; try { jar = new JarFile(dependency.getActualFilePath()); 
@@ -1089,10 +1089,10 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { * @param vendor HashMap of possible vendor names from package names (e.g. owasp) * @param product HashMap of possible product names from package names (e.g. dependencycheck) */ - private void analyzeFullyQualifiedClassNames(ArrayList classNames, - HashMap vendor, HashMap product) { + private void analyzeFullyQualifiedClassNames(List classNames, + Map vendor, Map product) { for (ClassNameInformation entry : classNames) { - final ArrayList list = entry.getPackageStructure(); + final List list = entry.getPackageStructure(); addEntry(vendor, list.get(0)); if (list.size() == 2) { @@ -1120,7 +1120,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { * @param collection a collection of strings and their occurrence count * @param key the key to add to the collection */ - private void addEntry(HashMap collection, String key) { + private void addEntry(Map collection, String key) { if (collection.containsKey(key)) { collection.put(key, collection.get(key) + 1); } else { @@ -1137,7 +1137,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { * @param value the value to check to see if it contains a package name * @param evidence the evidence collection to add new entries too */ - private void addMatchingValues(ArrayList classes, String value, EvidenceCollection evidence) { + private void addMatchingValues(List classes, String value, EvidenceCollection evidence) { if (value == null || value.isEmpty() || classes == null || classes.isEmpty()) { return; } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java index d38da868c..08258d7c6 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java 
@@ -28,6 +28,7 @@ import java.util.ArrayList; import java.util.HashMap; import java.util.HashSet; import java.util.List; +import java.util.Map; import java.util.Map.Entry; import java.util.Properties; import java.util.Set; @@ -458,7 +459,8 @@ public class CveDB { final List vulnerabilities = new ArrayList(); PreparedStatement ps; - final HashSet cveEntries = new HashSet(); + //TODO(code review): Looks like things are only added to this map, but never retrieved or checked + final Set cveEntries = new HashSet(); try { ps = getConnection().prepareStatement(SELECT_CVE_FROM_SOFTWARE); ps.setString(1, cpe.getVendor()); @@ -466,7 +468,7 @@ public class CveDB { rs = ps.executeQuery(); String currentCVE = ""; - final HashMap vulnSoftware = new HashMap(); + final Map vulnSoftware = new HashMap(); while (rs.next()) { final String cveId = rs.getString(1); if (!currentCVE.equals(cveId)) { //check for match and add @@ -787,12 +789,12 @@ public class CveDB { * @param identifiedVersion the identified version of the dependency being analyzed * @return true if the identified version is affected, otherwise false */ - protected Entry getMatchingSoftware(HashMap vulnerableSoftware, String vendor, String product, + protected Entry getMatchingSoftware(Map vulnerableSoftware, String vendor, String product, DependencyVersion identifiedVersion) { final boolean isVersionTwoADifferentProduct = "apache".equals(vendor) && "struts".equals(product); - final HashSet majorVersionsAffectingAllPrevious = new HashSet(); + final Set majorVersionsAffectingAllPrevious = new HashSet(); final boolean matchesAnyPrevious = identifiedVersion == null || "-".equals(identifiedVersion.toString()); String majorVersionMatch = null; for (Entry entry : vulnerableSoftware.entrySet()) { 
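Review bot: The new `//TODO(code review)` comment calls `cveEntries` a map, but the declaration directly under it is a `Set`; and a review TODO left in the source is weaker than either removing the write-only collection or documenting why it is kept. If it has to stay, `// TODO: cveEntries appears write-only in this method - remove once confirmed nothing reads it` states the actual finding. The rest of the method, including any later reads of `cveEntries`, is outside the hunk, so the claim should be verified before the set is deleted.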
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/DatabaseProperties.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/DatabaseProperties.java index a10fc1d30..8b90dd0fa 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/DatabaseProperties.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/DatabaseProperties.java @@ -154,7 +154,7 @@ public class DatabaseProperties { * @return a map of the database meta data */ public Map getMetaData() { - final TreeMap map = new TreeMap(); + final Map map = new TreeMap(); for (Entry entry : properties.entrySet()) { final String key = (String) entry.getKey(); if (!"version".equals(key)) { diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/DriverLoader.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/DriverLoader.java index fbce2e8a8..127b43673 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/DriverLoader.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/DriverLoader.java @@ -27,6 +27,7 @@ import java.sql.Driver; import java.sql.DriverManager; import java.sql.SQLException; import java.util.ArrayList; +import java.util.List; import java.util.logging.Level; import java.util.logging.Logger; @@ -75,7 +76,7 @@ public final class DriverLoader { */ public static Driver load(String className, String pathToDriver) throws DriverLoadException { final URLClassLoader parent = (URLClassLoader) ClassLoader.getSystemClassLoader(); - final ArrayList urls = new ArrayList(); + final List urls = new ArrayList(); final String[] paths = pathToDriver.split(File.pathSeparator); for (String path : paths) { final File file = new File(path); 
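Review bot: `(URLClassLoader) ClassLoader.getSystemClassLoader()` in `DriverLoader.load` relies on an implementation detail — the system class loader is not specified to be a `URLClassLoader`, and on newer runtimes this cast fails with ClassCastException before any driver is loaded. If the remainder of the method (outside the hunk) only uses `parent` as the parent of a new `URLClassLoader` over `urls`, `final ClassLoader parent = ClassLoader.getSystemClassLoader();` needs no cast. `pathToDriver.split(File.pathSeparator)` also has no null check; whether callers guarantee a non-null path is not visible here. A short Javadoc note that `className` and `pathToDriver` are trusted configuration — code found on that path runs with the application's own privileges — would help later readers.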
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/DependencyVersionUtil.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/DependencyVersionUtil.java index a938434be..36991a93c 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/DependencyVersionUtil.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/DependencyVersionUtil.java @@ -18,6 +18,7 @@ package org.owasp.dependencycheck.utils; import java.util.ArrayList; +import java.util.List; import java.util.regex.Matcher; import java.util.regex.Pattern; @@ -62,7 +63,7 @@ public final class DependencyVersionUtil { //'-' is a special case used within the CVE entries, just include it as the version. if ("-".equals(text)) { final DependencyVersion dv = new DependencyVersion(); - final ArrayList list = new ArrayList(); + final List list = new ArrayList(); list.add(text); dv.setVersionParts(list); return dv; diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/UrlStringUtils.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/UrlStringUtils.java index bdec9b3e5..92f7ee71e 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/UrlStringUtils.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/UrlStringUtils.java @@ -23,6 +23,7 @@ import java.util.ArrayList; import java.util.Arrays; import java.util.HashSet; import java.util.List; +import java.util.Set; import java.util.regex.Pattern; /** @@ -68,7 +69,7 @@ public final class UrlStringUtils { /** * A listing of domain parts that should not be used as evidence. Yes, this is an incomplete list. */ - private static final HashSet IGNORE_LIST = new HashSet( + private static final Set IGNORE_LIST = new HashSet( Arrays.asList("www", "com", "org", "gov", "info", "name", "net", "pro", "tel", "mobi", "xxx")); /** 
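Review bot: `IGNORE_LIST` in UrlStringUtils is declared `static final`, but the `HashSet` behind it stays mutable, so any code in the class can still add or remove entries at run time; wrapping it, `Collections.unmodifiableSet(new HashSet(Arrays.asList(...)))`, makes the constant actually constant (this needs `java.util.Collections` in the import block the hunk already touches). The Javadoc above it already says the list is incomplete; a note that additions go into the literal, not into the set, would fit there.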
@@ -86,7 +87,7 @@ public final class UrlStringUtils { * @throws MalformedURLException thrown if the URL is malformed */ public static List extractImportantUrlData(String text) throws MalformedURLException { - final ArrayList importantParts = new ArrayList(); + final List importantParts = new ArrayList(); final URL url = new URL(text); final String[] domain = url.getHost().split("\\."); //add the domain except www and the tld.
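Review bot: `url.getHost().split("\\.")` in `extractImportantUrlData` produces a single empty-string element when the URL has no authority component — `new URL(text)` accepts such inputs for protocols like `file:` without throwing — so `domain[0]` is `""` rather than a host label. The logic that consumes `domain` is outside the hunk; if it indexes into the array, a guard such as `if (url.getHost().isEmpty()) { return importantParts; }` before the split avoids feeding an empty label into the evidence. The Javadoc's `@throws MalformedURLException` does not cover this case, so it is worth stating in the method comment.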